Skip to content

SBOM for Windows contains duplicate component IDs #129706

@sethmlarson

Description

@sethmlarson

It was brought to my attention that the Windows SBOMs contain duplicate IDs for the libmpdec project, since Windows uses its own copy from the CPython sources repository in addition to the bundled copy in the CPython source tree.

In theory this will not be an issue once libmpdec is unbundled from the CPython source tree, but for now we can disambiguate by adding more variation to component IDs to disambiguate.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions